pull down to refresh

Firstly, there is the Bitcoin Core client, which is the "reference implementation". There are other implementations/clients as well.
The Bitcoin Core client is developed to follow the Bitcoin protocol but also has features like a wallet, a GUI, etc.
So there are two facets to consider:
  • Making changes to the Bitcoin Protocol
  • Making changes to the Bitcoin Core client
There are some articles on the Bitcoin Wiki that will be of interest here:
And there's this, in the bitcoin repo:
There was also a session at Bitcoin 2020 conference that might be of interest:
Bitcoin Core Development Process - Bitcoin 2022 Conference
Then there are second layer protocols and applications -- e.g., Lightning network. Those have their own methods for developing the protocol and app/features.
While I am aware that the community can approve/reject proposals it's entirely feasible that the general population (as Bitcoin becomes more popular) may become susceptible to an attack vector.
I personally don't need to convince the developers to include or not include something in a release. They need to convince me that I want to install their release.
Otherwise, their change can do whatever, even things that might be harmful, but that doesn't affect me because I'm not running their software. However, if there's a release that is contentious, then I want to be on the side that the vast majority of the "economic nodes", otherwise I may accept payment that I cannot then spend because my payment will not be accepted by those nodes.
So the tl;dr to your question is: Who can change bitcoin? Those who understand Incentives and Game Theory such that a Bitcoin Core release includes only changes that will be accepted by the vast majority of economic nodes.
Here's an example of that combination of incentives and game theory with regard to one example -- the 21M limit:
Can Bitcoin's Hard Cap of 21 Million Be Changed? https://river.com/learn/can-bitcoins-hard-cap-of-21-million-be-changed/
(But ignore the part about miner and node signaling, that's not a hard rule and may not even be a part of the process in the future).
reply
Here's a great reply to a similar question on r/Bitcoin:
Everyone can edit Bitcoin code. Nobody can force you to use their edits.
There is no power to abuse, just trust. You should think hard about who and what you trust. (That thinking hard by many people is what prevents such abuse.)
reply